Vulnerability Description
A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Modicon M580 Firmware | All versions |
| Schneider-Electric | Modicon M580 | - |
| Schneider-Electric | Modicon M340 Firmware | All versions |
| Schneider-Electric | Modicon M340 | - |
| Schneider-Electric | Modicon Quantum Firmware | All versions |
| Schneider-Electric | Modicon Quantum | - |
| Schneider-Electric | Modicon Premium Firmware | All versions |
| Schneider-Electric | Modicon Premium | - |
Related Weaknesses (CWE)
References
- https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/Vendor Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0745ExploitThird Party Advisory
- https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/Vendor Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0745ExploitThird Party Advisory
FAQ
What is CVE-2018-7845?
CVE-2018-7845 is a vulnerability with a CVSS score of 7.5 (HIGH). A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the ...
How severe is CVE-2018-7845?
CVE-2018-7845 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7845?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M580 Firmware, Schneider-Electric Modicon M580, Schneider-Electric Modicon M340 Firmware, Schneider-Electric Modicon M340, Schneider-Electric Modicon Quantum Firmware.